GlobalFintechSeries Interview with Trent Cooksley, Co-Founder and COO at Cowbell Cyber
Trent Cooksley, Co-founder and COO at Cowbell Cyber joins us in this interview to share a few thoughts on the biggest cyber threats while sharing a tip or two on cyber insurance policies for companies to keep in mind as the workforce continues to work from home during the ongoing Covid-19 pandemic. Catch the excerpts:
Can you tell us a little about yourself Trent? How did the idea / inspiration for Cowbell Cyber come about?
Prior to starting in insurance I was a bond trader and I had founded (and failed) a few different analytical focused start-ups in the real estate space. After that I was brought on to an early stage mono-line work comp insurer that was really focused on customer experience, technology and data across the whole value chain. From there I was hooked on insurance and building. I was lucky in that the company was growing fast and had a great little niche and over the years I got to work in literally every single department of an insurance organization because we were growing so fast. It was an incredibly challenging, fun and educational experience. We sold that company and I stuck around with our acquirer for a good deal of years working in a variety of different roles. I left mid-2019 and was going to take some time off but I started to chat with Jack (Cowbell CEO), who I had known and had been following what he was doing. He was really dialing in on his business model and the more we talked the more synergies started to align between my experiences in insurance and his in cybersecurity. Cyber insurance had all the components of something exciting, A challenging problem in a complex and growing segment. Together Jack and I laid out the two industries and really doubled down on solving the problem and I jumped in with both feet. It was a great match and a great opportunity to get back to some of my past entrepreneurial roots.
As a tech founder and given your industry experience over the years: could you share your biggest highlights and learnings too?
Some of my biggest career highlights were the 5 years of incredible growth our company experienced in the mid 2000’s and just how hard but how much fun it was, when I look back it seems like we were working so hard but at the time it didn’t seem that way because we were having so much fun! Later I was lucky enough to be able to invest in some of the pre-eminent insurtech companies in the world so I got to be on both sides of the fence. From a learning perspective, my early startup failures ended up teaching me quite a bit many years later as I reflected on them. Mainly around perseverance, being decisive and going all in. In early stage companies you have to be all in and you have to continue to grind, day in and day out, make quick decisions and not change them lightly.
What are some of the top risk management features that tech / SaaS / including fintech companies should be looking at?
Risk management can be organized along the traditional 3 layers: people, process and technology. By now, we know that changing people’s behavior with regard to security is a major challenge. A lot can be done there with artificial intelligence to detect and highlight undesirable usage of devices or applications, if combined with on-going security training delivered in a way that’s enticing and easy to digest.
Developing better visibility into 3rd party risks is also important. This is a more or less a process challenges and it starts to make sense for companies that handle sensitive data to demand not only specific cybersecurity measures but also require cyber insurance from their suppliers.
There have especially been an increased number of security threats during the whole work-from-home Covid-19 pandemic, what are the top tips you would share with the global workforce as remote work becomes the new norm, given this.
My first comment would be just invest a little bit of time in your own personal and home security protocols. Understand the exposures of your device and network. It actually isn’t that hard to provide a good base layer of protection. It can always be made easier but basic measures, including password hygiene, can be quite effective.
Companies should give their employees clear directions and real solutions on how to work from home and keep personal and enterprise assets secure. Too many, just hand off the real work to the IT guy and then have their employees take a test about not leaving their laptop open at the coffee shop. Guess what, rarely are you lucky enough to have a hacker just happen to be next to you at Starbucks looking over your shoulder and stealing your passwords. That hacker probably isn’t that good anyway. Damaging cyberattacks are much more deliberate and sinister than that.
Tell us a little about your thoughts on cyber insurance for larger enterprise companies: what are some of the common challenges/lags you see when larger teams implement risk management processes?
Risk management is a necessity. For most companies, IP, data, employees’ data, customer data are the most important asset and cyber insurance is a critical piece of an overall risk management plan. The COVID-19 pandemic has accelerated the discovery of weaknesses in Enterprise Risk Management (ERM) plans. In a positive way, the crisis is raising awareness about incident response preparedness, the ability to rapidly pivot an enterprise security strategy to address new risks such as the work-from-home model, but also what cyber insurance coverage can and should bring to the table. Cyber insurance needs to proactively follow the evolution of technology, how innovative technologies are being used and respond with relevant cyber coverages. Large teams have the opportunity to bring cyber insurance into their cybersecurity portfolio to achieve greater cyber resilience. Adequate preparedness is as much about prevention and detection of cyberattacks as it is about response and recovery. An effective risk management strategy is a balancing act between cybersecurity and cyber insurance investments.
Given the ongoing pandemic, how do you see cyber-security (innovations in this space and demand for these features) evolving – what are your predictions for this niche for the rest of the year?
Demand for cyber protection will continue to grow. The innovation potential may be around cleaning up and simplifying security offerings. There are also opportunities to standardize and streamline cyber insurance coverages. Not everyone is well-versed in cyber. In fact, most people are not. It’s hard to piecemeal everything together on your own so I think this will speed bundling of services and features through partnership.
Could you talk about some of the industry’s biggest cyber threats so far (leaks) and what biggest learnings readers can come away with because of them?
Ransomware in general and NotPetya or Wannacry in particular have been and are still damaging. Protection against these broad attacks go back to basic cyber hygiene including timely patching or proper use of passwords. These are also a good reminder that despite best efforts, no business, regardless of size and industry is immune to cyberattacks. This is why cyber insurance is emerging as a must have for increased cyber resilience.
How according to you will emerging tech play a key role in the development and evolution of this space?
Emerging tech will play a role on both sides. Technology innovation is accelerating but with each innovation comes a new set of exposures that need to be dealt with. But at the same time innovations contribute to the response and increases the capacity to deal with more exposures.
Tag (mention/write about) the one person in the Cyber insurance industry whose answers to these questions you would love to read!
Brian Krebs and Edward Snowden!
Would you like to share specific finance or business tips for Marketing and Sales teams struggling through this uncertain time?
Finance advice-> Be wise about your money. Sales and Marketing advice-> Keep pushing. Don’t stop. Uncertainty creates opportunity but you have to be willing to run to the fight, not away from it.